CVE-2024-46889

EPSS 0.1%
Published 12.11.2024 13:15:09
Last modified 13.11.2024 23:11:58
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Sinec Ins Version < 1.0

Siemens ≫ Sinec Ins Version1.0 Update-

Siemens ≫ Sinec Ins Version1.0 Updatesp1

Siemens ≫ Sinec Ins Version1.0 Updatesp2

Siemens ≫ Sinec Ins Version1.0 Updatesp2_update_1

Siemens ≫ Sinec Ins Version1.0 Updatesp2_update_2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.29

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
productcert@siemens.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-321 Use of Hard-coded Cryptographic Key

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-46889

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-46889

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-46889

EUVD